Re: Getting quotes for MTA-STS implementation (was: MTA-STS when?)

2018-10-01 Thread Wietse Venema
Paul Menzel: > Dear Postfix folks, > > > On 02/19/18 20:11, Wietse Venema wrote: > > Jonathan Sélea: > [...]. One can of course automate periodic SMTP TLS policy > updates from the STS URIs of a handful of providers, and let the > usual outbound TLS policy take care of the rest: >

Re: MTA-STS when?

2018-10-01 Thread Wietse Venema
yarmak: > I have implemented such a policy server: it looks up MTA-STS policy, caches and > updates it as RFC 8461 defines. > > Github: https://github.com/Snawoot/postfix-mta-sts-resolver > PyPI: https://pypi.org/project/postfix-mta-sts-resolver/ > > Daemon lacks some features required by standard l

Getting quotes for MTA-STS implementation (was: MTA-STS when?)

2018-10-01 Thread Paul Menzel
Dear Postfix folks, On 02/19/18 20:11, Wietse Venema wrote: > Jonathan Sélea: [...]. One can of course automate periodic SMTP TLS policy updates from the STS URIs of a handful of providers, and let the usual outbound TLS policy take care of the rest: http://www.postfi

Re: MTA-STS when?

2018-10-01 Thread yarmak
I have implemented such a policy server: it looks up MTA-STS policy, caches and updates it as RFC 8461 defines. Github: https://github.com/Snawoot/postfix-mta-sts-resolver PyPI: https://pypi.org/project/postfix-mta-sts-resolver/ Daemon lacks some features required by standard like proactive policy f

Re: MTA-STS when?

2018-02-19 Thread Wietse Venema
Jonathan Sélea: > >> [...]. One can of course automate periodic SMTP TLS policy > >> updates from the STS URIs of a handful of providers, and let the > >> usual outbound TLS policy take care of the rest: > >> > >>http://www.postfix.org/TLS_README.html#client_tls_policy > > I'm much in favor of

Re: MTA-STS when?

2018-02-19 Thread Jonathan Sélea
> Thanks. Note that "by manual" I mean not-based on the missing STS support, > but still based on their published STS policy which you can map to a Postfix > TLS policy via a cron job that updates the data once a week or so. > Fair enough :) Looking forward to it! -- Jonathan

Re: MTA-STS when?

2018-02-19 Thread Viktor Dukhovni
> On Feb 19, 2018, at 1:58 PM, Jonathan Sélea wrote: > >> Cycles to work on this are not immediately available. With so few >> early adopters, and even Gmail in "testing", you might just build >> manual policy that gets you secure transport to Gmail, Yahoo and >> the other "free" email provide

Re: MTA-STS when?

2018-02-19 Thread Jonathan Sélea
> Likely some time this year, but it is not entirely trivial, because > the spec requires a first successful delivery to "activate" the policy, > and expedited policy cache refresh on delivery failure. Therefore, > there would need to be some sort of new feedback mechanism at delivery > completio

Re: MTA-STS when?

2018-02-19 Thread Viktor Dukhovni
> On Feb 19, 2018, at 1:43 PM, Jonathan Sélea wrote: > > It sounds like it is a fairly "easy" implementation? If so, when can > expect a testing version for this? > I will gladly test this! Likely some time this year, but it is not entirely trivial, because the spec requires a first successful

Re: MTA-STS when?

2018-02-19 Thread Jonathan Sélea
>> [...]. One can of course automate periodic SMTP TLS policy >> updates from the STS URIs of a handful of providers, and let the >> usual outbound TLS policy take care of the rest: >> >>http://www.postfix.org/TLS_README.html#client_tls_policy > I'm much in favor of reusing the Postfix SMTP

Re: MTA-STS when?

2018-02-17 Thread Wietse Venema
Viktor Dukhovni: > [...]. One can of course automate periodic SMTP TLS policy > updates from the STS URIs of a handful of providers, and let the > usual outbound TLS policy take care of the rest: > >http://www.postfix.org/TLS_README.html#client_tls_policy I'm much in favor of reusing the Pos

Re: MTA-STS when?

2018-02-17 Thread Viktor Dukhovni
> On Feb 17, 2018, at 2:35 PM, Scott Kitterman wrote: > > Here's the current draft: > > https://tools.ietf.org/html/draft-ietf-uta-mta-sts-14 > > Having given it a quick read, I don't know that postfix needs to make any > changes for this. I believe it could be readily managed by an external

Re: MTA-STS when?

2018-02-17 Thread Scott Kitterman
On Saturday, February 17, 2018 07:04:23 PM Jonathan Sélea wrote: > Hi > > Hopefully, I am not one of several who already has asked this question > before, but here it goes: > > When does postfix plan to implement MTA-STS? Big providers (Google, > Yahoo, Comcast and soon Microsoft) have already im

MTA-STS when?

2018-02-17 Thread Jonathan Sélea
Hi Hopefully, I am not one of several who already has asked this question before, but here it goes: When does postfix plan to implement MTA-STS? Big providers (Google, Yahoo, Comcast and soon Microsoft) have already implemented it and of course - it would be nice if postfix could support it too,